Setting up the backup server side

Using 'new-restic-server' to set up the server

will set up all of the per-client setup on the backup-server: making a minio
config and path for storage, setting up a runsv directory to run the
minio server, and creating access key and secret for the minio server.
You will have to make sure the port you picked (in this example, 9002) is
distinct between all clients backing up to this service.

Activing the minio server

Activating the minio server is a distinct step, but an easy one with our runsvdir setup:

A few seconds later, runsvdir will detect the new symlink and start the minio process.

Setting up the client side

Installing the binaries

I install these all in /usr/local/bin, you'll need to get a recent copy
of restic, as well as the daily-restic-backups,
restic-unroll and restic-wrapper scripts from the client
directory of the git repo (handily linked at the end of this article).

Most of these are self-explanitory. The RESTIC_REPOSITORY is marked as s3
because that's what minio looks like to it. It ends in /backups because
you have to put things in a "bucket" RESTIC_PASSWORD_FILE causes restic
to read from that file, instead of prompting for a password.

Create include and exclude files

Now the hardest part, deciding what to backup and exclude. Everything will be backed up from
/, use full paths in the include an exclude files, which go in /etc/restic/include-files
and /etc/restic/exclude-files respectively.

Configure repo password

sudo /bin/sh -c 'pwgen 32 1 > /etc/restic/repo-password'

Here, we're using the pwgen command to generate a single, 32 character long
password. YOU MUST NOT LOSE THIS. This is the encryption key used to encrypt
everything in the repo, and without it, you won't be able to recover anything. I store mine
in a GnuPG encrypted git repo that I backup outside of my restic setup.

Initialize the repo

sudo /usr/local/bin/restic-wrapper init

will initialize the repo. It will spit out something like:

created restic backend bcae9b3f97 at s3:https://backup-server.example.com:9002/backups
Please note that knowledge of your password is required to access
the repository. Losing your password means that your data is
irrecoverably lost.